Compromise Assessment

Identify current or past attacker activity in your environment

The Mandiant Compromise Assessment service allows organizations to evaluate their environments for the presence of targeted attacker activity. The Compromise Assessment has helped many organizations identify or confirm security breaches that had existed for years and resulted in theft of valuable intellectual property, personally identifiable information, payment card information, or other sensitive information.

Overview

Attackers develop custom malware and use advanced tactics that are difficult or even impossible to detect using conventional detection mechanisms. The Compromise Assessment service applies our intelligence on how threat actors operate and our experience gained from hundreds of investigations. We apply the same leading technologies we use to respond to incidents to identify indications of present or historical attacker activity.

Compromise Assessment will provide you with:

Answers

Compromise Assessment will tell you if you are currently compromised or if there has been past attacker activity. You will also clearly understand the extent and the severity of the compromise. Alerts are confirmed before reporting to minimize false positives.

Preliminary summary of attacker activity

Though not designed to replace an incident investigation, the Compromise Assessment will provide you with concrete findings and recommendations related to compromised systems. This may include the preliminary attack timeline and malware information.

Recommendations

Besides answering the critical question "Are we compromised?", Mandiant will also provide recommendations based on the assessment's findings: immediate investigative and containment next steps, and longer-term enhancements.

Benefits of Compromise Assessments and Why Security-Conscious Firms Use Them

Our Approach

The major activities our consultants perform during a Compromise Assessment include:

Deploy proprietary network, host, and log inspection technology

We place investigative technology at Internet egress points and on host systems such as servers, workstations, and laptops.

Assess your environment using intelligence from prior investigations

We apply our comprehensive library of indicators of compromise to evaluate network traffic, servers, workstations, laptops, and critical log data for evidence of current and past attacker activity.

Analyze evidence

Our consultants perform host and network forensic analyses as well as malware and log analyses to conduct the assessment. We confirm initial findings to minimize false positives prior to reporting them.

Summarize findings

We provide a detailed report that summarizes the steps taken during the assessment, the major findings, and any appropriate recommendations for next steps.